Basic Email Attachment Security
Simplify and secure email attachment management with mxHERO's powerful email flow rules, enabling organizations to automate document protection, storage, and compliance with ease.
Managing email attachments and protecting sensitive information is crucial in today's digital workplace. The mxHERO platform provides a robust solution for creating customized email flow rules that help organizations secure and organize their digital communications effectively.
This document explains how to configure an attachment security rule with commonly selected options. There are many more options that can be set than those covered here, but this guide provides a basic understanding of how you can approach creating rules to meet your organization's particular requirements.
Understanding Attachment Security Rules
Email flow rules allow you to automate how your organization handles incoming and outgoing emails. With mxHERO, you can create sophisticated rules that protect attachments, manage storage, and ensure compliance with your company's communication policies.
This tutorial shows you how to set up a basic attachment security rule. This rule will save only attachments. More advanced rules can be constructed to save the email message as well, among many other options.
Flow Diagram
The following diagram provides a simple visual description of how basic attachment security works. Here we show attachments flowing to Box.

Step by Step Instruction
Select “Create a Rule” from the Rules menu
Select Protect Attachments
… then press the button at the bottom “Start Rule Creation”
Advanced Options
In advanced options you can change where generated cloud storage links are added after attachments are removed.
- Email's body
  - Only the email body (top of the message) will have attachment links.
- “attachments.pdf” file
  - A new file will be attached. This file is a PDF with links to the attachments. Attaching this file ensures that the email continues to have an attachment identifier (e.g., paperclip) for the recipient.
- Both
  - This is the default.
If you are opting for password-secured attachments with email notifications, the email notification can be personalized here.
Select what you want to save
- Email
  - The email message body
- Attachments
  - File attachments
- Email's Body in PDF
  - Also save a copy of the email as a PDF
- File type
  - .EML: a universal email format
    - recommended - also works with Microsoft Outlook
  - .MSG: Microsoft Outlook specific format
Press “Confirm” to proceed to the next step.
Target Selection
Rule Setting: Email Flow
This article explains targeting Email Flow. Other options are available.
- Email Flow
  - Process emails in realtime - as they are being sent and received
- User Mailboxes
  - Process emails already in user Mailboxes. Use this option to process past emails.
Defining the Email Flow
Upon selecting “Email Flow” you will need to define exactly what flow you want to capture.
- Between / From
  - The first field determines the flow direction
    - Between: process emails moving between the sender and recipient in both directions
Sender and Recipient
These fields are filled with one of the following:
- Anyone (keyword) indicates any email
- Anyone Else (keyword) indicates any email NOT of your domain (external)
- Organization (keyword) indicates the organization currently managing the rule (typically your domain)
- Email address - a specific email address that you input (e.g., bob@acme.com)
📣 Important when selecting Email Flow Sender / Recipient
It is required that either the sender or recipient be an entity that is fully managed by the organization.
For example, suppose the Mail2Cloud admin is from the organization acme.com:
Sender | Recipient | Observation |
Organization | bank.co.uk | ✅ works because Organization is acme.com |
john@other.com | bank.co.uk | 🚫 does not work because neither field is in acme.com |
john@other.com | mary@acme.com | ✅ works because one of the fields is in acme.com |
bob@other.com | Anyone | 🚫 does not work because Anyone is not necessarily someone managed by acme.com |
Organization | Anyone Else | ✅ works because Organization is acme.com (see note below) |
👍 Protecting Emails Sent/Received Externally
To create a rule to specifically protect emails sent and received outside of your organization use:
To Sender: Organization, Recipient: Anyone Else
Cloud Storage
Selecting the Cloud Storage system
Cloud storage account
Select the cloud storage account.
Synced storage (recommended)
For best performance, storage systems should be “synced”. See the “Settings > Integrations” section of the dashboard.
Synced storage allows for useful features, like automatically saving to the email user's account. For example:
Email sent from or to mary@acme.com is automatically saved in the mary@acme.com storage account. Likewise, email from or to bob@acme.com is automatically saved in the bob@acme.com storage account.
Individual Storage Account
To save captured content to an individual storage account select one of the available individual accounts or “Add Account”.
Security Option
Select the type of security that should be applied to the attachment links created by this rule.
Some common preset options include:
- Public access links
- Links that are accessible by anyone
- 7 days expiration public access links
- Public links that are only valid for 7 days
- Organization access links
- Only those from the organization can access these links. This option is best for internal email rules only.
Note that options may differ based on cloud storage capabilities.
In addition to preset security rules, if your organization has configured custom security policies or definitions, they will also be listed.
Rule Setting: Storage Filepath
Storage Filepath
The storage filepath configuration allows you to implement dynamic filing, storing file attachments into targeted folder hierarchies based upon a wide variety of methods ranging from simple pattern matching to advanced AI.
In this field, set the full path (from the root of your storage account) where content should be placed when captured. Variables (dynamic values) are applied to the folder path by typing in “{”, which opens a variables selector.
There are many preset variables to choose from, and more variables can be custom created.
For example, the following path is created using a collection of preset variables:
- Protected Attachments
  - This is a literal value. Files will be stored to a folder path with the first folder being “Protected Attachments”.
- {Email Address}
  - This is a variable value (as indicated by the “{”). It will resolve to the email address of the managed account that the rule is processing. For example, if the dashboard organization is acme.com, for email to mary@acme.com the value of {Email Address} would be “mary@acme.com”.
- {Peer Address}
  - This variable represents the email address of the “peer” of the email address of the managed account. For example, if the email is from the managed address of mary@acme.com, the peer address would be set to the email address of the recipient.
- {Subject Normalized}
  - This variable is the original subject line of the email with prepended characters added for response and forward emails removed (e.g., “Re:”, “Fwd:”).
- {Sent or Received Date / yyyyMMdd}
  - This variable represents the sent (for emails sent by managed accounts) or the received (for emails received by managed accounts) dates of the email message in the format yyyyMMdd. For example, email sent by mary@acme.com on August 3, 2023 would set the variable's value to “20230803”.
Example email filing
For the Mail2Cloud Organization, “corp.mxhero.com”, the email attachment (Demo.xlxs) sent in the email below, if forwarded on April 21, 2024…
with the following Mail2Cloud dynamic path, would result in the cloud storage full path:
Protected Attachments > demo@corp.mxhero.com > adelev@ymmn8.onmicrosoft.com > [P20240214] Proposed budget / 20240421
Path assignment or variable | Resulting Value |
Protected Attachments | Protected Attachments |
{Email Address} | demo@corp.mxhero.com |
{Peer Address} | adelev@ymmn8.onmicrosoft.com |
{Subject Normalized} (note the “FW:” is removed) | [P20240214] Proposed budget |
{Sent or Received Date / yyyyMMdd} (for the send date: April 21, 2024) | 20240421 |
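The variable resolution in the example filing above, sketched in Python as an added example (not mxHERO's code). The function names, the segment-list form of the template, the exact set of subject prefixes stripped, and the replacement of path separators in resolved values are assumptions of this example; the page does not describe how the product treats such characters in a subject line or address.

```python
import re
from datetime import date

# Assumed prefix set: the page names "Re:" and "Fwd:" and shows "FW:" removed.
PREFIX = re.compile(r"^\s*(?:re|fwd?)\s*:\s*", re.IGNORECASE)
VARIABLE = re.compile(r"\{([^{}]+)\}")

def normalize_subject(subject):
    """Strip stacked reply/forward prefixes: 'RE: FW: x' -> 'x'."""
    previous = None
    while previous != subject:
        previous, subject = subject, PREFIX.sub("", subject, count=1)
    return subject.strip()

def is_managed(address, org_domain):
    return address.lower().rsplit("@", 1)[-1] == org_domain.lower()

def safe_segment(value):
    """Keep a sender-controlled value inside one folder level (added hardening)."""
    value = re.sub(r"[\\/]", "_", value).strip()
    return "_" if value in ("", ".", "..") else value

def resolve_segments(segments, sender, recipient, subject, when, org_domain):
    """Resolve each folder segment of a storage filepath for one email."""
    if is_managed(sender, org_domain):        # sent by the managed account
        managed, peer = sender, recipient
    elif is_managed(recipient, org_domain):   # received by the managed account
        managed, peer = recipient, sender
    else:
        raise ValueError("neither address belongs to " + org_domain)
    values = {
        "Email Address": managed,
        "Peer Address": peer,
        "Subject Normalized": normalize_subject(subject),
        "Sent or Received Date / yyyyMMdd": when.strftime("%Y%m%d"),
    }
    def substitute(match):
        return safe_segment(values[match.group(1).strip()])  # KeyError if unknown
    return [VARIABLE.sub(substitute, segment) for segment in segments]

# Constructed input mirroring the page's example (the template is an assumption).
TEMPLATE = ["Protected Attachments", "{Email Address}", "{Peer Address}",
            "{Subject Normalized}", "{Sent or Received Date / yyyyMMdd}"]
EXAMPLE = resolve_segments(
    TEMPLATE, "demo@corp.mxhero.com", "adelev@ymmn8.onmicrosoft.com",
    "FW: [P20240214] Proposed budget", date(2024, 4, 21), "corp.mxhero.com")
```

Each entry of `EXAMPLE` corresponds to one row of the Resulting Value column in the table above.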
Activating (saving the rule)
Once the Storage Filepath is confirmed the rule must be saved. Once saved the rule is “active”. Note that only rules that have names can be saved. This is done in the Rule Name field that may be at the far right side of the page or below the “Save Rule” button depending on the width of the browser window.
📣 Rules must be named before saving
You will not be able to save a rule until all of the configuration sections have been confirmed and the rule has been named.